Multi-tenancy authentication error - integration with LibreOffice-Online

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Member II

Multi-tenancy authentication error - integration with LibreOffice-Online

Hi,

I'm using Alfresco Community - 5.2.0 with an AMP module (WOPI host capabilities to Alfresco) to integrate with LibreOffice-Online.

The requests from LibreOffice-Online are using an access_token and when alfresco multi-tenancy is activated and  I tried to perform the requests, alfresco return this exception:

alfresco_1_3bb94ade36e7 | 2018-12-20 17:12:46,580 ERROR [extensions.webscripts.AbstractRuntime] [http-apr-8080-exec-4] Exception from executeScript: 11200006 Authorization 'Bearer' not supported.
alfresco_1_3bb94ade36e7 | org.springframework.extensions.webscripts.WebScriptException: 11200006 Authorization 'Bearer' not supported.
alfresco_1_3bb94ade36e7 | at org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.authenticate(BasicHttpAuthenticatorFactory.java:200)
alfresco_1_3bb94ade36e7 | at org.alfresco.repo.web.scripts.servlet.RemoteUserAuthenticatorFactory$RemoteUserAuthenticator.authenticate(RemoteUserAuthenticatorFactory.java:140)
alfresco_1_3bb94ade36e7 | at org.alfresco.repo.web.scripts.RepositoryContainer.authenticate(RepositoryContainer.java:721)
alfresco_1_3bb94ade36e7 | at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:157)
alfresco_1_3bb94ade36e7 | at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
alfresco_1_3bb94ade36e7 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
alfresco_1_3bb94ade36e7 | at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
alfresco_1_3bb94ade36e7 | at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
alfresco_1_3bb94ade36e7 | at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
alfresco_1_3bb94ade36e7 | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
alfresco_1_3bb94ade36e7 | at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
alfresco_1_3bb94ade36e7 | at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
alfresco_1_3bb94ade36e7 | at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)
alfresco_1_3bb94ade36e7 | at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)
alfresco_1_3bb94ade36e7 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
alfresco_1_3bb94ade36e7 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
alfresco_1_3bb94ade36e7 | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
alfresco_1_3bb94ade36e7 | at java.lang.Thread.run(Thread.java:745)

If multi-tenancy is not activated works well and the file is returned - no exception returned.

Anyone know how can I fix this? 

Thanks

6 Replies
Master

Re: Multi-tenancy authentication error - integration with LibreOffice-Online

There are various features that are not fully supported in multi tenancy configuration. To my knowledge, this also affects some of the authentication variants. From your stacktrace it seems that whatever OAuth2 component you were using in single tenancy mode has been replaced with Basic HTTP support in multi tenancy.

If you could provide your alfresco-global.properties (with necessary removal of sensitive data) and also other details about the authentication setup not visible in the configuration, we could potentially help with more details...

Highlighted
Member II

Re: Multi-tenancy authentication error - integration with LibreOffice-Online

Axel Faust

alfresco-global.properties:


###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco/alf_data

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8443
alfresco.protocol=https

share.context=share
share.host=127.0.0.1
share.port=8443
share.protocol=https

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=*****
db.password=*****
db.name=alfresco
db.url=jdbcSmiley Tongueostgresql://db:5432/alfresco
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=PRODUCTION

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=/opt/alfresco/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert

jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=*******************

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=/opt/alfresco

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=8443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=falsemail.host=localhost
mail.port=25
mail.from.default=*****
mail.protocol=smtp
mail.smtp.auth=false
mail.smtp.starttls.enable=false
mail.smtps.auth=false
mail.smtps.starttls.enable=false
cifs.enabled=true
cifs.Server.Name=localhost
cifs.domain=WORKGROUP
cifs.hostannounce=true
cifs.broadcast=0.0.0.255
cifs.ipv6.enabled=false

nfs.enabled=true

authentication.chain=alfinst:alfrescoNtlm

dir.contentstore=/content/contentstore
dir.contentstore.deleted=/content/contentstore.deleted

#Wopi
lool.wopi.url=http://libreoffice.docker.localhost
lool.wopi.url.discovery=http://libreoffice.docker.localhost/hosting/discovery
lool.wopi.alfresco.host=http://docker.localhost/alfresco

LibreOffice-Online add a "Bearer token" to use in the protocol calls like PutFile, GetFile or CheckFileInfo. 

This is the repo module that was installed in Alfresco: 

GitHub - ArawaFr/libreoffice-online-repo: LibreOffice Online module for Alfresco repository 

Highlighted
Member II

Re: Multi-tenancy authentication error - integration with LibreOffice-Online

Have you fixed it,bro? I faced the same problem. 

Highlighted
Community Manager
Community Manager

Re: Multi-tenancy authentication error - integration with LibreOffice-Online

Hi @Jectpro,

Can you provide more information - perhaps log files, etc?

Thanks, 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
Highlighted
Member II

Re: Multi-tenancy authentication error - integration with LibreOffice-Online

 

Exception from executeScript: 06130008 Authorization 'Bearer' not supported.
 org.springframework.extensions.webscripts.WebScriptException: 06130008 Authorization 'Bearer' not supported.
	at org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.authenticate(BasicHttpAuthenticatorFactory.java:200)
	at org.alfresco.repo.web.scripts.servlet.RemoteUserAuthenticatorFactory$RemoteUserAuthenticator.authenticate(RemoteUserAuthenticatorFactory.java:159)
	at org.alfresco.repo.web.scripts.RepositoryContainer.authenticate(RepositoryContainer.java:721)
	at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:157)
	at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)

This exception only throw when I created more than one tenant. It might be fixed by adding a servet filter, but I don't konwn how to do this.

 

Highlighted
Member II

Re: Multi-tenancy authentication error - integration with LibreOffice-Online

I found out why this happend. When alfresco contain more than one tenant, "BasicHttpAuthenticatorFactory" will change authentication policy. It required "Guest" authentication rather than "None". I suppose the reason is when tured on multi-tenant, server cannot tell "None" from which tenant. 

So the proplem is when I integrated alfresco with Office Online Server, I can't set http-header of request which was sent by Office Online Server. How can I remove the header before "BasicHttpAuthenticatorFactory" catch it?

Best regard.